Skip to content

Commit

Permalink
[Backport 1.3] [CVE-2021-3765][1.x] bump validator from 8.2.0 to 13.9…
Browse files Browse the repository at this point in the history
….0 (#3753)

* [CVE-2021-3765][1.x] bump validator from 8.2.0 to 13.9.0 (#3725)

validator.js prior to 13.7.0 is vulnerable to Inefficient
Regular Expression Complexity. 1.x is using "[email protected]".
Main has been bumped to 13.7.0 via PR #1106.
The solution is to backport it on 1.x.

Backport PR:
#1106

Issue Resolved:
#1063

Signed-off-by: Anan Zhuang <[email protected]>
Co-authored-by: Josh Romero <[email protected]>
(cherry picked from commit 53ae3cf)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

# Conflicts:
#	CHANGELOG.md

* add changelog

Signed-off-by: Josh Romero <[email protected]>

---------

Signed-off-by: Josh Romero <[email protected]>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Josh Romero <[email protected]>
Co-authored-by: Anan Zhuang <[email protected]>
  • Loading branch information
4 people authored Apr 11, 2023
1 parent 347f973 commit 1c4271e
Show file tree
Hide file tree
Showing 3 changed files with 148 additions and 96 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,8 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)

### 🛡 Security

- [CVE-2021-3765] Update `@microsoft/api-documenter` and `@microsoft/api-extractor` versions to bump validator from `8.2.0` to `13.9.0` ([#3725](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3725))

### 📈 Features/Enhancements

### 🐛 Bug Fixes
Expand Down
4 changes: 2 additions & 2 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -274,8 +274,8 @@
"@osd/test": "1.0.0",
"@osd/test-subj-selector": "0.2.1",
"@osd/utility-types": "1.0.0",
"@microsoft/api-documenter": "7.7.2",
"@microsoft/api-extractor": "7.7.0",
"@microsoft/api-documenter": "^7.13.78",
"@microsoft/api-extractor": "^7.19.3",
"@percy/agent": "^0.28.6",
"@testing-library/dom": "^7.24.2",
"@testing-library/jest-dom": "^5.11.4",
Expand Down
Loading

0 comments on commit 1c4271e

Please sign in to comment.